An attacker's ultimate goal is often to steal your crown jewels, the data that is most important to your business. In many organisations, this data resides on the 'internal' (typically Windows) office network. A common attack path is to breach an organisation's perimeter, take a position on the internal network and find a path to these crown jewels.Get Instant Online Quote
Internal Infrastructure penetration testing is ethical hacking of the internal Windows (usually) network infrastructure that belongs to an organisation. The objectives of this penetration testing service are;
These are the exact actions a real-world attacker will carry out once they have gained initial access to your internal network.A note on COVID-19: We are able to perform internal infrastructure remotely, without requiring a consultant to come to your premises. We will provide details of this during the booking process.
When an attacker is targeting an organisation, their ultimate aim is to gain access to the internal network of that organisation. They will attempt to do so by attacking the perimeter of the business, or by using social engineering attacks such as phishing.
Once an attacker has an initial foothold in the internal network, they will typically attempt to find and compromise the organisation’s ‘crown jewels’; whatever data or assets you have that are most valuable to your organisation. Attackers do this by traversing across the network, compromising various accounts and machines, gradually gaining deeper and deeper access until they have reached their goal.
The purpose of an internal infrastructure pentest is to determine how well protected your network is against attackers in this initial ‘foothold’ position, and how easy or otherwise it is for them to navigate through the network and steal your crown jewels, or take control of your domain.
The benefit of this kind of test is that our testers will find these holes in your networks and systems, they will discover the paths to your crown jewels in a safe and controlled manner, so that you can fix the weaknesses before the bad guys find them.
Manual Not Automated
You will learn a lot from the results of one of our internal pentests. Here’s what we’ll give you:
CREST Registered - CREST Certified
OnSecurity is a CREST (Council of Registered Ethical Security Testers) approved vendor. This means that all our test methodologies, processes, policies and procedures have been externally vetted by CREST to ensure we are operating to the highest standards possible in the pentesting industry.
On top of this the majority of our testers are CREST certified, meaning they have been through a CREST assault course (or CREST-recognised equivalent) to ensure they have the requisite skills needed to find and exploit vulnerabilities in a safe and controlled manner.
This external validation means you can be confident your pentests are being carried out to the highest standard, by vetted and tested consultants, who use a best-in-class manual-first approach to testing.
Booking one of our penetration testing services couldn’t be simpler. There are no phone calls or emails needed, all it takes is for you to answer two quick questions and we’ll get you onto our industry-leading Test:Flow platform.
From here, we’ll have the ability to provide you with an instant online quote for your required service.
We will begin your chosen penetration testing service on the date selected by you and begin reporting our findings as and when we discover them. There is no waiting around for weeks for these to come through, we’ll provide you with the information when we have it ourselves.Get A Quote
Make sure hackers can’t steal data via your main web app, and protect your app users.Read More
Make sure your deployments are secure - including AWS, Azure and GCP.Read More
Test to see how your external IT perimeter would hold up against intruders.Read More
See what hackers can do once they are inside your network.Read More
Office blocks, factories and power plants - if it has a door we can test it.Read More